That doesn't indicate end-to-end encryption, just that your connections
to Slack are encrypted [1]. That leaves any communication within their
network completely open, and this is a company that has been compromised
not that long ago. They're clearly storing your messages in a format
they can read and provide to you on demand [2].

For all intents and purposes, you should consider your communication
unencrypted, and treat it as such.

[1] http://www.cantechletter.com/2015/03/slack-is-secure-says-stewart-butterfield/
    <- With quotes from Slack CEO about the trade offs they're making.
[2] http://www.theverge.com/2014/11/24/7255199/slack-alters-privacy-policy-to-let-bosses-read-your-messages
    <- wouldn't be possible with end-to-end encryption. They shouldn't be
    able to even *see* the content of messages. It's certainly possible to
    achieve within an end-to-end encrypted model, but not how they're doing it.

Paul

On 07/12/15 11:21, Derek Balling wrote:
According to Slack, they use encryption. Do you have data contrary to this?
https://slack.com/security

On Jul 12, 2015, at 2:10 PM, Paul Graydon <[email protected]> wrote:

On 07/12/15 10:41, Mark McCullough wrote:
As a security geek, I find the Slack trend … troublesome.

It particularly disturbs me how many people are passing confidential and
sensitive data over Slack without giving it a second thought. Everything from
customer names, details, through to architectural information. Even worse are
those using bots to automate their infrastructure, and hooking them into Slack.
You're passing sensitive information through an unsecured channel (Slack
doesn't employ end-to-end security, and themselves tell you to consider it the
same as using Facebook, public facing email service, etc.), and you don't see
that as a problem? Worse, with all-powerful bots you're leaving yourself open
to malicious actors taking you down.
Paul
_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/